<?php
if (!defined('IN_CONTEXT')) die('access violation error!');

function __autoload($class_name)
{
	$path = str_replace("_", "/", $class_name);
	if(file_exists("./{$path}.php"))
	{
		include_once "./{$path}.php";
	}
	else
	{
		if($class_name == 'SiteInfo' || $class_name == 'RecordTable') //解决与自助建站session冲突
		{
			include_once('./index.php');
		}
		else
		{
			die("Can not find this file: {$path}.php");
		}
	}
}

lib_toolkit::init();

class lib_toolkit
{
	public static function init()
	{
		error_reporting(0);//屏蔽NOTICE信息
	}
	
	public static function includeFile($file_name)
	{
		if(file_exists($file_name))
		{
			include_once $file_name;
		}
		else
		{
			die("Can not find this file: {$file_name}");
		}
	}
	
	public static function filterBrowserScript()
	{
		foreach($_REQUEST as $k => $v)
		{
			if (!get_magic_quotes_gpc())
			{
				if($v == $_GET[$k])
				{
					$_GET[$k] = addslashes($v);
					$_GET[$k] = htmlspecialchars($_GET[$k], ENT_QUOTES);
					$_GET[$k] = preg_replace("/<script.*>.*<\/script>/isU", "", $_GET[$k]);
				}
				elseif($v == $_POST[$k])
				{
					$_POST[$k] = addslashes($v);
					$_POST[$k] = htmlspecialchars($_POST[$k], ENT_QUOTES);
					$_POST[$k] = preg_replace("/<script.*>.*<\/script>/isU", "", $_POST[$k]);
				}
			}
		}
	}
	
	public static function filterSpace()
	{
		foreach($_REQUEST as $k => $v)
		{
			if($v == $_GET[$k])
			{
				$_GET[$k] = trim($v);
			}
			elseif($v == $_POST[$k])
			{
				$_POST[$k] = trim($v);
			}
			$_REQUEST[$k] = trim($v);
		}
	}
	
	public static function sqlInject()
	{
		foreach($_REQUEST as $k => $v)
		{
			if (!get_magic_quotes_gpc())
			{
				if($v == $_GET[$k])
				{
					$_GET[$k] = addslashes($v);
				}
				elseif($v == $_POST[$k])
				{
					$_POST[$k] = addslashes($v);
				}
			}
		}
	}
	
	public static function filterHtml()
	{
		foreach($_REQUEST as $k => $v)
		{
			if($_GET[$k] == $v)
			{
				$_GET[$k] = htmlspecialchars($v, ENT_QUOTES);
			}
			elseif($_POST[$k] == $v)
			{
				$_POST[$k] = htmlspecialchars($v, ENT_QUOTES);
			}
		}
	}
	
	public static function filterJs()
	{
		foreach($_REQUEST as $k => $v)
		{
			if($_GET[$k] == $v)
			{
				$_GET[$k] = preg_replace("/<script.*>.*<\/script>/isU", "", $v);
			}
			elseif($_POST[$k] == $v)
			{
				$_POST[$k] = preg_replace("/<script.*>.*<\/script>/isU", "", $v);
			}
		}
	}
	
	public static function islogin()
	{
		$_session_ = lib_session::init();
		$islogin = $_session_->getSession('login');
		return $islogin;
	}
	
	public static function getOperations()
	{
		$_session_ = lib_session::init();
		$roles = $_session_->getSession('u_role');
		if(empty($roles)) 
		{
			$_session_->destorySession();
			die("Permission denied.");
		}
		
		$roles = explode(',', $roles);//当前用户角色组
		$roles_sql = '';
		foreach($roles as $v)
		{
			$roles_sql .= "'$v',";
		}
		$roles_sql = substr($roles_sql,0,strlen($roles_sql)-1);
		
		$_mysql_ = lib_database::init();
		$rights = $_mysql_->findAll("rights","r_role IN ($roles_sql)",array('r_operation'));//查找当前用户角色组中的所有授权操作
		if(empty($rights))
		{
			$_session_->destorySession();
			die("Permission denied.");
		}
		
		$operations = '';
		foreach($rights as $k => $v)
		{
			$operations .= $v['r_operation'].',';
		}
		$operations = substr($operations,0,strlen($operations)-1);
		$operations = explode(',',$operations);//$operations是当前用户授权操作数组
		
		return $operations;
	}
}
?>